Beware the latest LinkedIn attack, security experts warn.
Gmail passwords leaked, PayPal users warned of attacks, even Twitter, sorry X, issuing an account lockdown warning, are all, sadly, par for the cybersecurity news headlines course these days. What isn’t is attacks that focus on LinkedIn, the professional and business networking platform that boasts more than a billion users. If you are one of them, then I apologize, but you need to be aware of just such an occurrence.
LinkedIn Users Warned To Beware This New Direct Message Attack
The last time I wrote a LinkedIn-specific news story was way back in February, when I warned of a Lazarus attack that targeted the wrong user. That LinkedIn doesn’t feature more in security news reports is a good thing; it means the platform is doing something right. This latest warning, however, is worth taking seriously, as the attackers are targeting the right users — at least in terms of potentially profitable outcomes. Push Security researcher Dan Green has confirmed that business executives on the networking platform are vulnerable to a “high-risk LinkedIn phishing attack,” via the LinkedIn direct messaging resource.
This is particularly worrying because LinkedIn itself, “while often used for work and commonly accessed from corporate devices,” Green warned, “sits outside the purview of enterprise security tools, exploiting a visibility and control blind spot.”
In the case detailed by Green, in technical glory for those who like such things, the victim received a malicious LinkedIn direct message which redirected them a total of three times: through Google Search, then a supposed payroll site, and ultimately to a custom landing page hosting various documents. “Upon clicking on one of the document links on the page, the victim is prompted to view with Microsoft,” and, well, you can probably guess the rest. A cloned Microsoft page requires credentials to be entered and 2FA to be completed, at which point the attacker has stolen that Microsoft session.
LinkedIn As An Attack Platform Is A Clever Move By Scammers
Using LinkedIn to launch such attacks is a clever move by threat actors, not least because many users will be expecting contacts from outside of their organization to talk about work. Avoiding email also adds to the detection-evasion toolkit. The attackers then used a chain of legitimate sites to avoid being flagged as suspicious and to cloak the ultimate URL destination.
“Just because the attack happens over LinkedIn doesn’t lessen the impact,” Green said, “these are corporate credentials and accounts being targeted, even if it is nominally a ‘personal’ application.”
I reached out to LinkedIn, and a spokesperson provided the following statement: “Sophisticated phishing scams are a problem across the internet, and our teams use a variety of automated technology and trained investigation experts to detect and stop harmful behavior. Our free verification features enable members to make more informed decisions on who they’re interacting with. We also proactively share safety tips including how to report any suspicious messages to us, and how to enable the optional advanced safety feature which can help identify potentially harmful or fraudulent content.”